Before I respond, I should preface this message by noting that this is probably no longer a development question (or at least, it is starting to become tangential), so I'm happy to repost this to openldap-software if desired. I just didn't want to do that without verifying that it would not be considered as cross-posting.
Howard Chu wrote: > Ryan Steele wrote: >> Hey folks, > > You have no idea what you're talking about, and pcache doesn't work as > you describe. Nor does "id" or nss for that matter. I've got no problem being be told I'm wrong, and welcome the chance to learn in the process. If you're right (and I've got no doubt you are given your knowledge of the subject is far deeper than my own), and the second half of my response clears up the confusion with respect to the semantics of attributes versus filters in this context, how can you explain the behavior in the following slapd output? When slapd receives a query in which an attribute list is specified, everything works; when it doesn't, the call to "id" hangs. The only difference I can discern from the output is that the second query is missing an attribute list. This is, in fact, what happens when I run "id ryans". When I firewall off the LDAP server, the id call hangs when it gets to the query in which there is no "SRCH attr", which causes the request to be proxied out to my remote LDAP server (an occurrence for which the evidence is documented below). I have more complete logs if you cannot make a determination from what I provide here: ## query with SRCH attr specified conn=1 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=ryans))" conn=1 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass query template of incoming query = (&(objectClass=)(uid=)) Entering QC, querystr = (&(objectClass=posixAccount)(uid=ryans)) Lock QC index = 0x7f6b83aa8d10 Not answerable: Unlock QC index=0x7f6b83aa8d10 QUERY NOT ANSWERABLE QUERY CACHEABLE ## same query with no SRCH attr specified conn=1 op=3 SRCH base="dc=aweber,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=ryans))" query template of incoming query = (&(objectClass=)(uid=)) QUERY NOT ANSWERABLE QUERY NOT CACHEABLE ldap_create ldap_url_parse_ext(ldap://remotehost.example.com) ldap_extended_operation ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP remotehost.example.com:389 > > It is illegal for an LDAP search to have an empty filter. Go back and > read RFC 4511 before posting nonsense like this. I have read the RFC. I simply used the incorrect terminology - what I meant is, it has an empty attribute list, as denoted by the post above. I'll be more careful when articulating issues in the future to avoid this sort of miscommunication and/or confusion. And again, if you would like me to change the venue to openldap-software, I'm more than happy to repost it there, I just didn't want to cross-post before confirming. Cheers, Ryan